WordPress has been around for a long time, and it is also the benchmark for the content authoring and consumption experience - nearly every modern CMS still follows the same interface layout. The popular framework still dominates the market share with 62.5% of all websites being built in WordPress as of December 2023, although this has been waning in recent years with many more alternatives available for different offerings. It is interesting to note that the nearest competitor, Shopify, only has a 6% market share.
Its many selling points include quick installation, ease of use and ease of customisation. WordPress is also free out of the box, yet comes with a vast store of themes and plugins to choose from. The store itself also allows multiple purchase options for all budgetary levels.
WordPress is famous for being simple to set up and easy to customise, which means that a website can be created and deployed in a short amount of time with limited skill or knowledge from either the client or supplier. At its base layer, a developer or client can simply buy a pre-built theme, customise it with their branding and content and boom - website. Job done.
Another bonus is there are many companies around the world which specialise in hosting and basic maintenance of WordPress sites, and these are very appealing for establishing an online presence without a massive investment or (ahem) thinking long-term.
WordPress has a vast level of community support; it's probably rare that a developer or marketer today (2023) hasn't worked with or used WordPress at some point. This community allows anyone who is developing on this CMS (by choice or not) to find the solutions they need to fulfil their client's or project's requirements - spoiler alert - the answer is usually plugins - every time.
WordPress is so widespread within the development and marketing community that if you work within the realms of digital marketing, there is really no excuse for not knowing and being familiar with the basics - None. Not one.
To summarise, WordPress is cheap, requires little to no skill or knowledge to set up and use, and is so common that any major hurdle has already been solved by someone else - again, usually through plugins.
However… despite all the things that WordPress can do and has accomplished, there are many ways in which more modern systems and practices have made WordPress a more questionable choice versus the many alternatives available today (2023).
Security
I’ll open with the big one: WordPress is naturally insecure. The quick installation of WordPress simply allows all files and functionality to be uploaded to the “public” directory - as its name suggests, the part of the webserver which is publicly available. This means that without the necessary precautions, sensitive details such as database access details can be easily retrieved by potential hackers. Modern systems get around this by only having a single executable file in the “public” directory, which accesses the non-public resources to handle displaying the page.
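An added example (not from the original article): a shell audit for the exposure described above. It flags a `wp-config.php` inside the web-served directory, plus copies of it and SQL dumps that the server would return as plain text; WordPress also loads `wp-config.php` from one directory above its install, which the `hardened` layout uses. The function names and the temporary site tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. All paths are constructed.

# audit_docroot DIR: print one "<finding> <path>" line per problem.
audit_docroot() {
    docroot=$1
    # Copies of the config that no longer end in .php (editor backups,
    # manual .bak files) and SQL dumps are not run by the PHP handler:
    # the web server returns their contents as plain text.
    find "$docroot" -type f \( -name 'wp-config.php.*' \
        -o -name 'wp-config.php~' -o -name '.wp-config.php.sw?' \
        -o -name '*.sql' -o -name '*.sql.gz' \) -print |
        sed 's/^/served-as-text /'
    # A live config in the docroot is only protected while PHP is enabled
    # and mapped correctly; flag it, and flag permissions that let other
    # local accounts read it.
    if [ -f "$docroot/wp-config.php" ]; then
        echo "config-in-docroot $docroot/wp-config.php"
        if [ -n "$(find "$docroot/wp-config.php" -perm -004)" ]; then
            echo "world-readable $docroot/wp-config.php"
        fi
    fi
}

# demo LAYOUT: build a constructed site tree and audit it.
#   default  - quick-install layout, everything under public/
#   hardened - config one directory above public/, mode 600, no backups
demo() {
    site=$(mktemp -d)
    mkdir "$site/public"
    : > "$site/public/index.php"
    if [ "$1" = hardened ]; then
        : > "$site/wp-config.php"
        chmod 600 "$site/wp-config.php"
    else
        : > "$site/public/wp-config.php"
        chmod 644 "$site/public/wp-config.php"
        : > "$site/public/wp-config.php.bak"
        : > "$site/public/backup.sql"
    fi
    audit_docroot "$site/public" | sed "s|$site/||" | sort
    rm -rf "$site"
}

demo default
demo hardened
```

The default layout produces four findings and the hardened layout produces none.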
Another security issue is with post comments. As WordPress was built for blogging (we’ll talk more on that later), all news / blog articles are set to allow comments by default. Although the comment form can be disabled and hidden, the comment endpoint can still be accessed - which usually results in a lot of spam being added as post comments, but of course there's a plugin for that.
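An added example, not part of the original article: hiding the form leaves the handler reachable, so the access log is where direct submissions show up. This script counts POSTs to `wp-comments-post.php` (WordPress's comment handler) per client and lists the status codes returned; the log lines are constructed, use documentation IP ranges and assume the combined log format.

```shell
#!/bin/sh
# Added example, not from the original article.

# Constructed access-log lines (combined log format, documentation IPs).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Dec/2023:10:00:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "-"
192.0.2.10 - - [10/Dec/2023:10:00:02 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "-"
192.0.2.10 - - [10/Dec/2023:10:00:03 +0000] "POST /wp-comments-post.php HTTP/1.1" 403 512 "-" "-"
198.51.100.7 - - [10/Dec/2023:10:05:00 +0000] "GET /wp-comments-post.php HTTP/1.1" 405 0 "-" "-"
198.51.100.7 - - [10/Dec/2023:10:05:09 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "-"
203.0.113.5 - - [10/Dec/2023:10:06:00 +0000] "GET /2023/12/hello/ HTTP/1.1" 200 9120 "-" "-"
EOF
}

# Read a combined-format log on stdin and print, busiest client first:
#   <POST count> <client> <comma-separated status codes seen>
comment_post_report() {
    awk '
        # $6 = quoted method, $7 = request path, $9 = response status
        $6 == "\"POST" &&
        ($7 == "/wp-comments-post.php" ||
         index($7, "/wp-comments-post.php?") == 1) {
            n[$1]++
            if (index(seen[$1], $9) == 0)
                seen[$1] = seen[$1] (seen[$1] ? "," : "") $9
        }
        END { for (ip in n) print n[ip], ip, seen[ip] }
    ' | sort -rn
}

sample_log | comment_post_report
```

On a site whose comment forms are all disabled, any client in this report is submitting to the endpoint directly, which makes the list a reasonable input for rate limiting or blocking at the web server.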
Plugins, plugins, plugins
As previously mentioned, WordPress was conceived as a framework for blogging and not for rich, engaging brochure or e-commerce websites. Thankfully, there are plugins that can achieve virtually anything the website needs, but the number of plugins needed just to make a basic functioning website is staggering compared to competing frameworks. The impact on performance soon becomes apparent as the functionality of each plugin becomes part of each page load. Again, there are plugins for caching to improve performance, but this feels like backwards logic compared to modern practices.
Plugin version control (& version control in general)
With so many plugins required for a basic website and each one versioned independently, it's up to a developer to regularly check for compatibility issues and keep them up to date. However, at some stage there will be conflicts between different plugins, which at first can be difficult to root out - the general advice being to turn plugins off until the problem resolves itself. Although sound advice, this can be a time-consuming task - all the while, the website will not be functioning as intended.
In all, WordPress is still designed to be a single website hosted somewhere with some upload access for making updates; it is not intended to work within the modern practice of source control or in a multi-environment setup. Although this can be achieved, there are still additional checks required to ensure that an update is deployed correctly. This includes manually checking for additional files created by plugins as well as the website URLs in the database - which contain the full website URL instead of a relative path (one which needs only the path via the public directory). As minor an inconvenience as this sounds, this seriously hinders the modern practice of local, staging and production environments that allow for development and review processes before an update is made live.
Modern platforms now use package managers: Composer for PHP (the backend language WordPress is based on) and NPM (used for on-page functionality - namely JavaScript). The benefit of package management is that the same library only needs to be installed once - this is important when specific bits of functionality (dependencies) need to be used across multiple libraries. Instead of loading these separately - and possibly introducing duplication or inconsistency - these are referenced instead of loaded in their entirety for performance and consistency.
Package managers also keep track of compatibility, which means that plugins or libraries cannot be added unless they are compatible with the others. Sure, this sounds like a pain and admittedly, it was quite the learning curve. Yet, despite my initial hesitations as a hands-on developer, I soon saw the benefits of this approach, especially when dealing with the consequences of this not being in place. I appreciate that this is a hard concept for less experienced developers to embrace - and means nothing to clients - but over time, this solves more problems than it causes, by making sure all third-party functionality sings from the same page, without needless duplication.
Loose content management
Outside of adding more plugins for a better, modular content authoring experience, WordPress, designed as it was for a blog, utilises a single content area to control the layout and content of the page. This results in a lot of data being stored in the database as a workaround to allow for richer layouts and content types. The interface for managing page content is powerful and can handle many content types, but compared to some of its competitors, the content authoring experience for WordPress feels clunky.
Direct control over the appearance of each page sounds like a good thing, but inexperienced content authors can quickly turn what was once a clean design into an eyesore. This also goes against the modern practice of keeping design and content separate and as a result, a badly content-managed site will very soon appear dated or dilapidated.
More horrifying, however, is the ability for admins to change functionality directly from the WordPress admin panel. Despite warnings, clients with no budget for proper maintenance (or their friend who once owned a computer) will try their hand at doing coding updates themselves - how hard can it be? This often leads to a support request to the original supplier to fix the problems they themselves caused - finger-pointing soon follows for any website issue, ever, as these changes were outside of version control.